Rogue anti-virus levels are at highest recorded in more than a year

Levels of scareware, or rogue anti-virus, have been the highest recorded according to Fortinet.

In its October 2009 Threatscape Report, author Derek Manky claimed that the total detected malware volume is at its highest in more than a year following a ‘significant’ surge towards the end of September leading through October. He claimed that the main contributors were all rogue security downloaders.

Manky said: “In our last recap, we observed the fact that it was the one-year anniversary from an initial explosion of such fake software ('scareware') in September 2008. Indeed, just one month in from this anniversary we have now witnessed the worst scareware attacks yet.

“While it's likely coincidence that the peaks of these attacks have come just before Halloween, the danger cannot be ignored. These attacks are coming fast, hard and frequently.”

The report claimed that the attacks are prevalent worldwide, with seven of the ten listed detections in the malware top ten pointing back to scareware.

Manky said: “To put it to scale, this was the first time Virut, the stubborn and nasty file infector, was pushed out of our top ten in a year and a half. While Virut still remains an active threat, its prevalence was simply nowhere near as high as rogue security software this month.”

He further claimed that these attacks are dangerous for three reasons: the fraud aspect, their link to downloaders, and the fact that scareware continues to become more sophisticated while evolving to new targets.

“Last report, we indicated a potential shift to ransomware from scareware. Indeed, it seems as though this is already happening. While it has not yet happened in large scale, the event could be waiting on the horizon and could happen with haste. The detected scareware variants in our malware top ten are essentially just downloaders, which exhibited the same behaviour when executed: downloading the actual scareware components from remote servers,” said Manky.

“These components have even been bots, connecting a machine infected with scareware to a botnet. Add destructive techniques (ransomware) and an established infection base into the equation, and this threat becomes quite potent indeed. While all of the scareware-related variants we detected this month indeed link to the same fake product (and affiliate program), the attacks may be broken down into two frameworks: scareware downloaders and Bredolab.”